Newly Patched IE Flaw Already Being Exploited

Attackers are already exploiting a critical remote code execution vulnerability in Internet Explorer that Microsoft released a patch for Tuesday.

The fact that exploit code is in the wild and being used by attackers makes it especially urgent that Microsoft customers immediately apply Microsoft Security Bulletin MS05-054.

The bulletin is a cumulative security update for Internet Explorer and includes fixes for three other new vulnerabilities. One of those flaws is also critical, but it was not publicly disclosed before Microsoft released the security bulletin.

Both of the critical flaws are even critical for Windows XP Service Pack 2. Often, patches that are critical for other platforms are less severe on SP2. Customers running IE 6 on Windows Server 2003 only face a moderate threat from the two critical flaws, according to Microsoft's bulletin.

MS05-054 is one of two security bulletins Microsoft released Tuesday as part of its monthly security patching cycle. The other bulletin, MS05-055, has a maximum severity of important, one step below critical on Microsoft's threat scale. That patch fixes a flaw in the Windows kernel that could allow an elevation of privilege.

Microsoft also re-released MS05-050 on Tuesday to revise versions of the update for Windows 2000 SP4, Windows XP SP1 and Windows Server 2003.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.